has moved to this site, For information, please join the Google Group forensicswiki-reborn

SQLite Recovery

From Forensics Wiki
Jump to navigation Jump to search
SQLite Recovery
Maintainer: Sanderson Forensics Ltd.
OS: Windows
Genre: Analysis
License: Commercial

Modern operating systems typically contain many sqlite databases (often in excess of 100), SQLite Recovery can be used to display all of them alongside each other allowing the investigator to gain an overview of the type and content of all of the databases on the suspects computer. These databases can contain anything from SMS messages to lists of passwords and are an invaluable source of evidence.

SQLite Recovery is a forensic tool to aid in the recovery of SQLite databases, tables and records. SQLite Recovery can search a disk, volume, image or file for deleted SQLite databases.

The output of SQLite Recovery is individual sqlite databases that can be investigated with other forensic software such as SkypeAlyzer.


   Simple to use
   Template based
   Carves deleted journal and WAL files
   Carves unknown databases (including those in unallocated space)
   Search all tables for multiple keywords at one
   Template constraints can override column affinity
   Extracts to sqlite databases to investigate with 'other' forensic software
   Export a recovered table to XLS
   Parse time filtering to improve quality of recovered data
   Optionally display numeric columns as formatted date
   Advanced filters to clean up data post parse
   Automatically identify and delete duplicate rows
   Supports parsing from individual files (DD/Unallocated), logical and physical devices, EWF images.

External Links